Please check my log

I'd like to ask for my log to be checked.
The computer has slowed down a lot; there are no other symptoms.


Logfile of HijackThis v1.99.1
Scan saved at 07:38:23, on 2005–08–02
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\spoolsv.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\program files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
C:\Program Files\lotus\notes\ntmulti.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\Windows\system32\wscntfy.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\NWTRAY.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Gadu–Gadu\gg.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\Kalendarz XP\Kalendarz.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Administrator\Moje dokumenty\Nowy folder\HijackThis.exe

R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www2.gaz.zabrze.pl/
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System\blank.htm
R0 – HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System\blank.htm
O2 – BHO: (no name) – {53707962–6F74–2D53–2644–206D7942484F} – C:\Program Files\Spybot – Search & Destroy\SDHelper.dll
O2 – BHO: IeCatch2 Class – {A5366673–E8CA–11D3–9CD9–0090271D075B} – C:\PROGRA~1\FlashGet\jccatch.dll
O2 – BHO: Google Toolbar Helper – {AA58ED58–01DD–4d91–8333–CF10577473F7} – c:\program files\google\googletoolbar2.dll
O3 – Toolbar: &Google – {2318C2B1–4965–11d4–9B18–009027A5CD4F} – c:\program files\google\googletoolbar2.dll
O3 – Toolbar: FlashGet Bar – {E0E899AB–F487–11D5–8D29–0050BA6940E3} – C:\PROGRA~1\FlashGet\fgiebar.dll
O4 – HKLM\..\Run: [NWTRAY] NWTRAY.EXE
O4 – HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 – HKCU\..\Run: [Gadu–Gadu] "C:\Program Files\Gadu–Gadu\gg.exe" /tray
O4 – Global Startup: Kalendarz XP.lnk = C:\Program Files\Kalendarz XP\Start.exe
O4 – Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 – Extra context menu item: &Google Search – res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 – Extra context menu item: Backward Links – res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 – Extra context menu item: Cached Snapshot of Page – res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 – Extra context menu item: Similar Pages – res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 – Extra context menu item: Translate into English – res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O8 – Extra context menu item: Ściągnij przy pomocy FlashGet'a – C:\Program Files\FlashGet\jc_link.htm
O8 – Extra context menu item: Ściągnij wszystko przy pomocy FlashGet'a – C:\Program Files\FlashGet\jc_all.htm
O9 – Extra button: FlashGet – {D6E814A0–E0C5–11d4–8D29–0050BA6940E3} – C:\PROGRA~1\FlashGet\flashget.exe
O9 – Extra 'Tools' menuitem: &FlashGet – {D6E814A0–E0C5–11d4–8D29–0050BA6940E3} – C:\PROGRA~1\FlashGet\flashget.exe
O9 – Extra button: Messenger – {FB5F1910–F110–11d2–BB9E–00C04F795683} – C:\Program Files\Messenger\msmsgs.exe
O9 – Extra 'Tools' menuitem: Windows Messenger – {FB5F1910–F110–11d2–BB9E–00C04F795683} – C:\Program Files\Messenger\msmsgs.exe
O12 – Plugin for .au: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O12 – Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O12 – Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 – Plugin for .mpg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O16 – DPF: {6414512B–B978–451D–A0D8–FCFDF33E833C} (WUWebControl Class) – http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1101805727359
O16 – DPF: {9A9307A0–7DA4–4DAF–B042–5009F29E09E1} (ActiveScan Installer Class) – http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 – DPF: {E7544C6C–CFD6–43EA–B4E9–360CEE20BDF7} (MainControl Class) – http://skaner.mks.com.pl/SkanerOnline.cab
O20 – Winlogon Notify: NavLogon – C:\Windows\System32\NavLogon.dll
O21 – SSODL: anUXozuPwRX – {346F984A–9EC5–32E0–3817–80B463CDCEF7} – C:\Windows\System32\bvloh.dll (file missing)
O23 – Service: DefWatch – Symantec Corporation – C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 – Service: Provides three management service (FreeBSD) – Unknown owner – C:\Windows\System32\dev32.exe (file missing)
O23 – Service: Multi–user Cleanup Service – Unknown owner – C:\Program Files\lotus\notes\ntmulti.exe
O23 – Service: Klient Symantec AntiVirus (Norton AntiVirus Server) – Symantec Corporation – C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe

Replies: 10

Thanks, everyone, for the help.
It's OK now :D
kyniuu
Posted
03.08.2005 15:48:38
It's harmless; you can probably remove it with Ad-Aware in safe mode. If it doesn't detect it, then SpyBot.

Description
:arrow: http://www.pogotovie.pl/encyklopedia_details.php?wirus_id=746&page=pelnyopis
Bocian36
Posted
03.08.2005 13:16:46
I scanned with Ad-Aware and SpyBot, then did everything as EL-NINIO wrote. Restart and Panda On-Line. Here is the report:

Adware:adware/wupd Nie wyleczalny Windows Registry
kyniuu
Posted
03.08.2005 13:01:49
kyniuu:
And here is the Panda On-line report:...
Turn off System Restore; that will clear out your "System Volume Information" folder. Uninstall Media Access from Add/Remove Programs, start the computer in safe mode and delete everything from the temporary Internet files. In safe mode, delete the rest of the items shown by Panda.
EL NINO
Posted
03.08.2005 03:21:56
In addition, install anti-spyware software and scan with it, e.g. Ad-Aware and SpyBot, or alternatively Microsoft AntiSpyware.
Bocian36
Posted
02.08.2005 17:43:27
And here is the Panda On-line report:

Adware:adware/gator Nie wyleczalny C:\WINDOWS\GatorPdpLoudInstaller.log
Adware:adware/sbsoft Nie wyleczalny C:\WINDOWS\webdlg32.inf
Adware:adware/wupd Nie wyleczalny C:\PROGRAM FILES\Media Access
Adware:adware/cws.searchmeup Nie wyleczalny Windows Registry
Adware:Adware/WebHancer Nie wyleczalny C:\Documents and Settings\Administrator\Ustawienia lokalne\Temp\temp.frB325\Programs\whAgent.exe
Adware:Adware/WinAD Nie wyleczalny C:\Program Files\Media Access\MediaAccess.exe
Adware:Adware/WebHancer Nie wyleczalny C:\System Volume Information\_restore{754B797A–B90B–4C92–BAE2–B45250BB3988}\RP44\A0006737.inf
Adware:Adware/WebHancer Nie wyleczalny C:\System Volume Information\_restore{754B797A–B90B–4C92–BAE2–B45250BB3988}\RP44\A0006739.ini
Adware:Adware/WebHancer Nie wyleczalny C:\System Volume Information\_restore{754B797A–B90B–4C92–BAE2–B45250BB3988}\RP44\A0006747.inf
Adware:Adware/SBSoft Nie wyleczalny C:\WINDOWS\webdlg32.inf
Adware:Adware/Popup.pop Nie wyleczalny C:\WINDOWS\winsx.inf
kyniuu
Posted
02.08.2005 15:11:15
Thanks for the help.
I threw out those three pieces of junk and the computer seems to have sped up a bit, but I started Panda On-Line, it hasn't even gotten halfway through, and I already have 9 pieces of junk.
I'm sending a new log; maybe some bright mind will find this damn thing here.
Thanks in advance.

Logfile of HijackThis v1.99.1
Scan saved at 12:22:55, on 2005–08–02
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\spoolsv.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\program files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
C:\Program Files\lotus\notes\ntmulti.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\Windows\system32\wscntfy.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\NWTRAY.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Gadu–Gadu\gg.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\Kalendarz XP\Kalendarz.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Administrator\Moje dokumenty\Nowy folder\HijackThis.exe

R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www2.gaz.zabrze.pl/
O2 – BHO: (no name) – {53707962–6F74–2D53–2644–206D7942484F} – C:\Program Files\Spybot – Search & Destroy\SDHelper.dll
O2 – BHO: IeCatch2 Class – {A5366673–E8CA–11D3–9CD9–0090271D075B} – C:\PROGRA~1\FlashGet\jccatch.dll
O2 – BHO: Google Toolbar Helper – {AA58ED58–01DD–4d91–8333–CF10577473F7} – c:\program files\google\googletoolbar2.dll
O3 – Toolbar: &Google – {2318C2B1–4965–11d4–9B18–009027A5CD4F} – c:\program files\google\googletoolbar2.dll
O3 – Toolbar: FlashGet Bar – {E0E899AB–F487–11D5–8D29–0050BA6940E3} – C:\PROGRA~1\FlashGet\fgiebar.dll
O4 – HKLM\..\Run: [NWTRAY] NWTRAY.EXE
O4 – HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 – HKCU\..\Run: [Gadu–Gadu] "C:\Program Files\Gadu–Gadu\gg.exe" /tray
O4 – Global Startup: Kalendarz XP.lnk = C:\Program Files\Kalendarz XP\Start.exe
O4 – Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 – Extra context menu item: &Google Search – res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 – Extra context menu item: Backward Links – res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 – Extra context menu item: Cached Snapshot of Page – res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 – Extra context menu item: Similar Pages – res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 – Extra context menu item: Translate into English – res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O8 – Extra context menu item: Ściągnij przy pomocy FlashGet'a – C:\Program Files\FlashGet\jc_link.htm
O8 – Extra context menu item: Ściągnij wszystko przy pomocy FlashGet'a – C:\Program Files\FlashGet\jc_all.htm
O9 – Extra button: (no name) – {85d1f590–48f4–11d9–9669–0800200c9a66} – %windir%\bdoscandel.exe (file missing)
O9 – Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 – {85d1f590–48f4–11d9–9669–0800200c9a66} – %windir%\bdoscandel.exe (file missing)
O9 – Extra button: FlashGet – {D6E814A0–E0C5–11d4–8D29–0050BA6940E3} – C:\PROGRA~1\FlashGet\flashget.exe
O9 – Extra 'Tools' menuitem: &FlashGet – {D6E814A0–E0C5–11d4–8D29–0050BA6940E3} – C:\PROGRA~1\FlashGet\flashget.exe
O9 – Extra button: Messenger – {FB5F1910–F110–11d2–BB9E–00C04F795683} – C:\Program Files\Messenger\msmsgs.exe
O9 – Extra 'Tools' menuitem: Windows Messenger – {FB5F1910–F110–11d2–BB9E–00C04F795683} – C:\Program Files\Messenger\msmsgs.exe
O12 – Plugin for .au: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O12 – Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O12 – Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 – Plugin for .mpg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O16 – DPF: {5D86DDB5–BDF9–441B–9E9E–D4730F4EE499} (BDSCANONLINE Control) – http://www.bitdefender.com/scan8/oscan8.cab
O16 – DPF: {6414512B–B978–451D–A0D8–FCFDF33E833C} (WUWebControl Class) – http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1101805727359
O16 – DPF: {9A9307A0–7DA4–4DAF–B042–5009F29E09E1} (ActiveScan Installer Class) – http://www.pandasoftware.com/activescan/as5free/asinst.cab
O16 – DPF: {E7544C6C–CFD6–43EA–B4E9–360CEE20BDF7} (MainControl Class) – http://skaner.mks.com.pl/SkanerOnline.cab
O20 – Winlogon Notify: NavLogon – C:\Windows\System32\NavLogon.dll
O23 – Service: DefWatch – Symantec Corporation – C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 – Service: Provides three management service (FreeBSD) – Unknown owner – C:\Windows\System32\dev32.exe (file missing)
O23 – Service: Multi–user Cleanup Service – Unknown owner – C:\Program Files\lotus\notes\ntmulti.exe
O23 – Service: Klient Symantec AntiVirus (Norton AntiVirus Server) – Symantec Corporation – C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
kyniuu
Posted
02.08.2005 14:31:44
Blank.htm is standard, but this one is still left:
O21 – SSODL: anUXozuPwRX – {346F984A–9EC5–32E0–3817–80B463CDCEF7} – C:\Windows\System32\bvloh.dll (file missing)
Find the file and delete it.
EL NINO
Posted
02.08.2005 12:51:49
Hello, remove:

R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System\blank.htm
R0 – HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System\blank.htm
Bocian36
Posted
02.08.2005 11:51:31
kyniuu
Posted:
02.08.2005 09:51:33
Comments:
10